6.4 - Public-Facing Web Applications Protected Against Attacks

Requirement 6.4 of PCI DSS v4.0 mandates that any public-facing web application handling cardholder data be safeguarded against known attacks, typically through a web-application firewall, secure coding practices, and regular vulnerability testing, to ensure that exploitable weaknesses are identified and mitigated before they can be abused.